- Regula rules are written in Rego, which is an open source policy language used by the Open Policy Agent project
- The tool checks Terraform scripts before they deploy infrastructure
According to a report by Jaxenter, Fugue, a provider of cloud infrastructure security and compliance solutions, has open-sourced one of its tools, Regula. As per a press release, Regula is a tool that evaluates Terraform infrastructure-as-code for security misconfigurations and compliance violations before deployment. Fugue has made Regula available on the company’s GitHub repo.
Regula rules are written in Rego, which is an open source policy language used by the Open Policy Agent project. Regula can be integrated into CI/CD pipelines to prevent cloud infrastructure deployments that may violate security and compliance practices.
Checks Terraform scripts before they deploy infrastructure
As per the report, the tool checks Terraform scripts before they deploy infrastructure. Any potential security or compliance concerns are addressed before the changes enter the main pipeline. If the check passes without issue, the changes are passed on to the next stage. Regula can also catch misconfigurations that may not have been flagged by the more common compliance standards.
The report said that Regula initially supports rules that validate Terraform scripts written for AWS infrastructure. It includes mappings to CIS AWS Foundations Benchmark controls where relevant.